Saturday, September 7, 2024
HomeCVE/vulnerabilitySpectre NG - 8 New Serious Spectre Level Security Vulnerabilities Found in...

Spectre NG – 8 New Serious Spectre Level Security Vulnerabilities Found in Intel Processors

Published on

Security Researchers discovered 8 new Spectre level critical Vulnerabilities in Intel CPU’s which is named as “Spectre Next Generation (Spectre-NG)” and each has their own CVE & Patches.

Previously discovered highly critical vulnerabilities Spectre and Meltdown have been made a huge impact in IT sectors.

Spectre and Meltdown flaw allow an attacker to steal the data that currently processed on the computer it includes the process of personal photos, Emails, Password manager, instant messages and sensitive documents.

- Advertisement - EHA

Recent discovered “Spectre Next Generation or Spectre-NG”  vulnerabilities have their own names and this flaw have been affected some of the ARM CPUs as well.

Group of security researchers has been reported all these vulnerabilities to Intel and Intel is already working on its own patches for Spectre-NG.

Also, Intel Planned to work with other operating system manufacturers and planning to release the patch in two waves. first one will be May 2018 and the second one will be August 2018.

Google Zero-day elite hackers have been reported one of the 8 vulnerabilities and they have 90-day deadline policy to fix the vulnerability so it was unclear about going public when the deadline ends.

According to Intel, 4 Vulnerabilities are classified as the severity of “high risk” and other 4 vulnerabilities are “Medium risk” in this Out of 8 Spectre-NG Vulnerabilities.

These high-risk vulnerabilities attack scenario similar to the Spectre vulnerability and one of the 8 vulnerability has estimated the potential risk is higher than old Spectre vulnerability.

According to Researchers, Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server.

Also, Spectre-NG vulnerability exploitation is quite easier for the attackers across system boundaries.

Researchers warned that this Spectre-NG flaw danger for private individuals and corporate PCs and they should be taken seriously and the upcoming Spectre-NG updates should be installed quickly after their release.

A Spectre-NG vulnerability has been clearly double and triple check the consequences of the flaw and researchers denied to publish technical details as long as there is still a chance that manufacturers will get their security updates ready before the details of the flaws become public.

In this case, Microsoft already started working for patches and PC manufacturers are taking too long to provide BIOS updates. Microsoft already announced up to $250,000 in a bug bounty program for Spectre flaws .

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

SonicWall Access Control Vulnerability Exploited in the Wild

SonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management...

Apache OFBiz for Linux & Windows Vulnerability Allows Unauthenticated Remote Code Execution

A series of vulnerabilities affecting Apache OFBiz has come to light, raising significant cybersecurity...

Veeam Backup & Replication Vulnerabilities Let Attackers Execute Remote Code

Multiple critical vulnerabilities have been identified in Veeam Backup & Replication, a widely-used data...